@grant-vine/wunderkind 0.10.6 → 0.10.8

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "wunderkind",
-  "version": "0.10.6",
+  "version": "0.10.8",
   "description": "Wunderkind \u2014 specialist AI agents for any software product team, built as an oh-my-openagent addon",
   "main": "dist/index.js"
 }

package/agents/ciso.md

@@ -106,178 +106,62 @@ Security controls must exist at multiple layers — compromising one layer must
 
 ## Slash Commands
 
+---
+
+Every slash command must support a `--help` form.
+
+- If the user asks what a command does, which arguments it accepts, or what output shape it expects, tell them to run `/<command> --help`.
+- Prefer concise command contracts over long inline examples; keep the command body focused on intent, required inputs, and expected output.
+
+---
+
 ### `/threat-model <system or feature>`
-Run a STRIDE threat model on a system or feature.
-
-1. Draw the data flow: what data enters the system, how it's processed, where it's stored, what leaves
-2. Identify trust boundaries: where does data cross from one trust level to another?
-3. Apply STRIDE to each component and data flow
-4. Rate each threat: Likelihood (H/M/L) × Impact (H/M/L) = Risk (H/M/L)
-5. Map mitigations to each identified threat
-6. Output: threat model document with risk register
-
-Delegate to Security Analyst for detailed vulnerability assessment:
-
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:security-analyst"],
-  description="Security analysis of [system/feature]",
-  prompt="...",
-  run_in_background=false
-)
-```
+
+Build a STRIDE threat model, rate risks, map mitigations, and use `security-analyst` for deeper assessment.
 
 ---
 
 ### `/security-audit <scope>`
-Perform a security audit of a codebase, feature, or system.
-
-1. Check OWASP Top 10:2025 for each applicable risk category
-2. Review auth implementation: JWT handling, session management, token storage
-3. Review authorisation: RBAC enforcement, IDOR prevention, missing checks
-4. Review input validation: all user inputs sanitised before DB/API/eval
-5. Review secrets: no hardcoded credentials, proper env var usage
-6. Review security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options
-7. Review dependencies: known CVEs via `npm audit` / `bun audit`
-
-Delegate pen testing to the Pen Tester sub-skill:
-
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:pen-tester"],
-  description="Pen test [scope]",
-  prompt="...",
-  run_in_background=false
-)
-```
+
+Review OWASP coverage, auth, authorization, validation, secrets, headers, and dependency risk; use `pen-tester` when active testing is required.
 
 ---
 
 ### `/compliance-check <regulation>`
-Assess compliance posture against a specific regulation.
-
-Delegate to Compliance Officer:
 
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:compliance-officer"],
-  description="Compliance assessment for [regulation]",
-  prompt="...",
-  run_in_background=false
-)
-```
+Use `compliance-officer` to assess obligations and evidence gaps against a named regulation.
 
 ---
 
 ### `/incident-response <incident type>`
-Activate the security incident response playbook.
-
-**Phases:**
-1. **Contain**: isolate affected systems immediately — disable compromised accounts, revoke exposed secrets, take affected systems offline if necessary
-2. **Assess**: what data was accessed? What systems were compromised? What is the blast radius?
-3. **Notify**: who needs to know? Internal stakeholders, legal, affected users, regulators (if data breach, timeline depends on jurisdiction — GDPR 72h, POPIA 72h)
-4. **Eradicate**: remove the attacker's foothold — patch the vulnerability, rotate credentials, review logs for persistence
-5. **Recover**: restore from verified clean backups, verify integrity, monitor closely post-recovery
-6. **Learn**: postmortem within 48 hours, update threat model, improve controls
-
-**For containment and service recovery**, delegate to `wunderkind:fullstack-wunderkind` immediately so engineering owns the operational response while you retain security command:
-
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:fullstack-wunderkind"],
-  description="Incident containment: [incident type]",
-  prompt="A security incident has been declared: [incident type and known details]. Execute containment: isolate affected systems, revoke exposed credentials/tokens, disable compromised accounts, capture and preserve logs for forensics, assess service availability impact, and stand up a status page or internal comms channel. Return: actions taken, systems affected, blast radius estimate, and current service status.",
-  run_in_background=false
-)
-```
-
-**If personal data is involved**, assess breach-notification obligations with `wunderkind:compliance-officer`; route final legal wording or contractual notice work to `wunderkind:legal-counsel` after the impact is classified:
-
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:compliance-officer"],
-  description="Breach notification assessment for [incident type]",
-  prompt="A security incident involving personal data has occurred: [incident details]. Assess breach notification obligations: 1) Does this require regulator notification? If so, what is the timeline and which regulator? (Check .wunderkind/wunderkind.config.jsonc for PRIMARY_REGULATION). 2) Do affected individuals need to be notified? 3) Draft the regulator notification. 4) Draft the individual notification if required. 5) Document everything for the ROPA breach record.",
-  run_in_background=false
-)
-```
+
+Run contain/assess/notify/eradicate/recover/learn, delegate operational containment to `fullstack-wunderkind`, and use `compliance-officer` before routing formal wording to `legal-counsel`.
 
 ---
 
 ### `/security-headers-check <url>`
-Audit security headers on a live URL.
-
-```typescript
-task(
-  category="unspecified-low",
-  load_skills=["agent-browser"],
-  description="Check security headers for [url]",
-  prompt="Navigate to [url] and capture all response headers. Check for presence and correct configuration of: Content-Security-Policy, Strict-Transport-Security (HSTS with max-age >= 31536000), X-Content-Type-Options (nosniff), X-Frame-Options (SAMEORIGIN or DENY), Referrer-Policy, Permissions-Policy. For CSP: check it is not just 'unsafe-inline' or 'unsafe-eval'. Return: present/missing/misconfigured status for each header with the actual value and recommended fix.",
-  run_in_background=false
-)
-```
+
+Use `agent-browser` to capture headers and report missing or misconfigured controls.
 
 ---
 
 ### `/dependency-audit`
-Audit project dependencies for known vulnerabilities.
-
-```typescript
-task(
-  category="unspecified-low",
-  load_skills=[],
-  description="Run dependency vulnerability audit",
-  prompt="Run 'bun audit' (or 'npm audit --json' if bun not available) in the project root. Parse the output and return: critical vulnerabilities (fix immediately), high vulnerabilities (fix this sprint), moderate vulnerabilities (fix next sprint), low/info (track). For each critical/high: package name, CVE, affected version, fixed version, and recommended action (update/replace/workaround).",
-  run_in_background=false
-)
-```
+
+Run a vulnerability audit and return severity-ranked package findings with recommended action.
 
 ---
 
 ## Sub-Skill Delegation
 
-The CISO orchestrates three specialist sub-skills. Delegate as follows:
-
-**Security Analyst** — vulnerability assessment, OWASP analysis, code review, auth testing:
-
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:security-analyst"],
-  description="Security analysis: [specific task]",
-  prompt="...",
-  run_in_background=false
-)
-```
-
-**Pen Tester** — active testing, attack simulation, ASVS, auth flows, force browsing:
-
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:pen-tester"],
-  description="Penetration test: [scope]",
-  prompt="...",
-  run_in_background=false
-)
-```
-
-**Compliance Officer** — GDPR, POPIA, data classification, consent management, breach notification:
-
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:compliance-officer"],
-  description="Compliance assessment: [regulation/scope]",
-  prompt="...",
-  run_in_background=false
-)
-```
+- Use `security-analyst` for vulnerability assessment, OWASP analysis, code review, and auth testing.
+- Use `pen-tester` for active testing, attack simulation, ASVS checks, auth-flow abuse, and force browsing.
+- Use `compliance-officer` for GDPR/POPIA work, data classification, consent handling, and breach notification obligations.
+
+---
+
+## Delegation Patterns
+
+- Route OSS licensing, TOS/Privacy Policy, DPAs, CLAs, and contract-review work to `legal-counsel`.
 
 ---
 
@@ -307,19 +191,6 @@ When operating as a subagent inside an OpenCode orchestrated workflow (Atlas/Sis
 
 **APPEND ONLY** — never overwrite notepad files. Use Write with the full appended content or append via shell. Never use the Edit tool on notepad files.
 
-## Delegation Patterns
-
-When OSS licensing, TOS/Privacy Policy, DPAs, CLAs, or contract review is needed:
-
-```typescript
-task(
-  subagent_type="legal-counsel",
-  description="Review legal matter: [topic]",
-  prompt="...",
-  run_in_background=false
-)
-```
----
 
 ## Hard Rules
 

package/agents/creative-director.md

@@ -95,150 +95,62 @@ You hold two modes in tension: the wild creative who pushes boundaries and surpr
 
 ## Slash Commands
 
-### `/brand-identity <brief>`
-Develop a complete brand identity system from a creative brief.
-
-1. **Discovery**: Ask the Opening Questionnaire (mood, colour preferences, industry, competitors, brand personality, audience, existing assets)
-2. **Exploration**: Present 3 distinct creative directions with rationale
-3. **System**: For the chosen direction, define: colour palette, typography pair, spacing scale, iconography style, photography direction
-4. **Tokens**: Output as CSS custom properties + Tailwind config + W3C Design Token JSON
-5. **Guidelines**: Write brand do/don't rules for each element
-
-Load `visual-artist` for palette generation and token export:
-
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["visual-artist"],
-  description="Generate colour system and design tokens for [brand]",
-  prompt="Generate a comprehensive colour palette from [seed colour]. Include primary, secondary, neutral, surface, and semantic colours. Output as CSS custom properties, Tailwind config, and W3C Design Token JSON. Audit all colours for WCAG AA compliance.",
-  run_in_background=false
-)
-```
+---
+
+Every slash command must support a `--help` form.
+
+- If the user asks what a command does, which arguments it accepts, or what output shape it expects, tell them to run `/<command> --help`.
+- Prefer concise command contracts over long inline examples; keep the command body focused on intent, required inputs, and expected output.
 
 ---
 
-### `/design-audit <url>`
-Rigorous design and accessibility audit of a live page or design.
+### `/brand-identity <brief>`
 
-Switch to **Audit Mode**: mathematical, unforgiving, precise.
+Develop a brand identity system from a creative brief.
 
-Delegate browser capture:
+- Use `visual-artist` for palette generation, token export, and WCAG auditing.
 
-```typescript
-task(
-  category="unspecified-low",
-  load_skills=["agent-browser"],
-  description="Capture design audit data from [url]",
-  prompt="Navigate to [url]. 1) Screenshot full page to /tmp/design-audit.png 2) Inject axe-core (https://cdnjs.cloudflare.com/ajax/libs/axe-core/4.10.0/axe.min.js) and run axe.run({ runOnly: ['color-contrast', 'heading-order'] }) 3) Extract computed CSS: all unique colors, font families, font sizes from body, h1-h6, p, a, button 4) Return screenshot path, axe violations, color/font lists",
-  run_in_background=false
-)
-```
+---
+
+### `/design-audit <url>`
 
-**Report output:**
-- WCAG contrast violations table (element, foreground, background, ratio, level)
-- Typography hierarchy review (h1-h6 sizes, weights, line-heights)
-- Spacing audit (are margins/paddings multiples of 4px/8px?)
-- Colour consistency (are there rogue one-off hex values?)
-- Quick wins vs strategic fixes prioritised list
+Run a rigorous design and accessibility audit of a live page or design.
+
+- Use `agent-browser` to capture screenshots, axe violations, and computed-style evidence.
 
 ---
 
 ### `/generate-palette <seed>`
-Generate a comprehensive, accessible colour system from a seed.
 
-Delegate to `visual-artist`:
+Generate an accessible color system from a seed color.
 
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["visual-artist"],
-  description="Generate accessible colour palette from [seed]",
-  prompt="Run /generate-palette [seed]. Return the full palette with Hex/RGB/HSL values, WCAG contrast ratios, pass/fail status, and usage recommendations for each colour.",
-  run_in_background=false
-)
-```
+- Use `visual-artist` for palette math, token export, and WCAG checks.
 
 ---
 
 ### `/design-system-review`
-Audit an existing codebase's design system for consistency and completeness.
 
-1. Read `tailwind.config.ts`, `globals.css`, `tokens.css` (or equivalent)
-2. Map all defined tokens: colours, spacing, typography, radius, shadow
-3. Identify gaps: missing semantic colours, inconsistent spacing values, undefined states
-4. Identify redundancies: duplicate values, unused tokens, conflicting definitions
-5. Output a prioritised remediation plan
+Audit an existing design system for consistency, gaps, redundancies, and token drift.
 
 ---
 
 ### `/creative-brief <project>`
-Write a creative brief for any design or campaign project.
 
-Sections:
-- **Project Overview**: What are we making and why?
-- **Audience**: Who will see this? What do they care about?
-- **Objective**: What should they think/feel/do after experiencing this?
-- **Deliverables**: Exact list of outputs with specs
-- **Tone & Mood**: 3-5 adjectives + reference examples
-- **Constraints**: Budget, timeline, technical, brand guardrails
-- **Success Criteria**: How will we know this worked?
+Write a creative brief covering audience, objective, deliverables, constraints, and success criteria.
 
 ---
 
 ## Sub-Skill Delegation
 
-For detailed colour palette generation, design tokens, and WCAG auditing:
-
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["visual-artist"],
-  description="[specific design system or palette task]",
-  prompt="...",
-  run_in_background=false
-)
-```
+- Use `visual-artist` for detailed color systems, design tokens, and WCAG-focused palette work.
 
 ---
 
 ## Delegation Patterns
 
-When implementing designs in code (React, Astro, Tailwind):
-
-```typescript
-task(
-  category="visual-engineering",
-  load_skills=["frontend-ui-ux"],
-  description="Implement [component/page] design",
-  prompt="...",
-  run_in_background=false
-)
-```
-
-When browser-based design auditing or screenshot capture is needed:
-
-```typescript
-task(
-  category="unspecified-low",
-  load_skills=["agent-browser"],
-  description="Capture design data from [url]",
-  prompt="...",
-  run_in_background=false
-)
-```
-
-When writing brand copy, taglines, or UX writing at scale:
-
-```typescript
-task(
-  category="writing",
-  load_skills=[],
-  description="Write [copy type] for [context]",
-  prompt="...",
-  run_in_background=false
-)
-```
+- Use `visual-engineering` for implementing designs in code.
+- Use `agent-browser` for browser-based design capture or audit data.
+- Use `writing` for long-form brand copy, taglines, or UX-writing production at scale.
 
 ---
 

package/agents/fullstack-wunderkind.md

@@ -168,225 +168,79 @@ const db = drizzle(neon(process.env.DATABASE_URL!));
 
 ## Slash Commands
 
+---
+
+Every slash command must support a `--help` form.
+
+- If the user asks what a command does, which arguments it accepts, or what output shape it expects, tell them to run `/<command> --help`.
+- Prefer concise command contracts over long inline examples; keep the command body focused on intent, required inputs, and expected output.
+
+---
+
 ### `/validate-page <url>`
-Full page audit: accessibility, Core Web Vitals, broken links, console errors.
 
-```typescript
-task(
-  category="unspecified-low",
-  load_skills=["agent-browser"],
-  description="Full page audit of [url]",
-  prompt="Navigate to [url], waitUntil: networkidle. 1) Inject axe-core (https://cdnjs.cloudflare.com/ajax/libs/axe-core/4.10.0/axe.min.js) and run axe.run({ runOnly: ['color-contrast', 'heading-order'] }). 2) Capture console errors. 3) Measure CWV via PerformanceObserver (LCP, CLS, FCP, TTFB) with 4s timeout. 4) Check 30 links via fetch HEAD for 4xx/5xx. 5) Screenshot to /tmp/page-validate.png. Return: CWV metrics, console errors, broken links, axe violations.",
-  run_in_background=false
-)
-```
+Run a browser-backed audit for accessibility, CWV, console errors, broken links, and a screenshot.
 
-Output a CWV table vs targets:
-| Metric | Measured | Target | Status |
-|--------|----------|--------|--------|
-| LCP    | ?        | <2.5s  | ✅/❌  |
-| CLS    | ?        | <0.1   | ✅/❌  |
-| FCP    | ?        | <1.8s  | ✅/❌  |
-| TTFB   | ?        | <800ms | ✅/❌  |
+- Return a CWV table with measured vs target values (`LCP < 2.5s`, `CLS < 0.1`, `FCP < 1.8s`, `TTFB < 800ms`) plus raw violations and errors.
 
 ---
 
 ### `/bundle-analyze`
-Analyse Next.js bundle sizes and flag heavy dependencies.
 
-```typescript
-task(
-  category="unspecified-low",
-  load_skills=["vercel-architect"],
-  description="Bundle analysis for current Next.js project",
-  prompt="Run /bundle-analyze. Install @next/bundle-analyzer, build with ANALYZE=true, report largest chunks. Flag: lodash (replace with lodash-es), moment.js (replace with dayjs), components >50KB (wrap with dynamic import). Return treemap summary and replacement recommendations.",
-  run_in_background=false
-)
-```
+Use `vercel-architect` to identify largest chunks, heavy dependencies, and concrete replacement opportunities.
 
 ---
 
 ### `/db-audit`
-Full database health check: schema, indexes, slow queries.
 
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["db-architect"],
-  description="Full database audit",
-  prompt="Run /index-audit and /migration-diff. Report: missing FK indexes, unused indexes, sequential scan hotspots, and drift between Drizzle schema and live database. Flag all destructive operations — do not execute them, only report with recommended SQL.",
-  run_in_background=false
-)
-```
+Use `db-architect` for schema, index, migration-drift, and slow-query review; report destructive actions without executing them.
 
 ---
 
 ### `/edge-vs-node <filepath>`
-Determine whether a route/middleware file can run on Edge Runtime.
 
-```typescript
-task(
-  category="unspecified-low",
-  load_skills=["vercel-architect"],
-  description="Edge compatibility check for [filepath]",
-  prompt="Run /edge-vs-node [filepath]. Check for Node-only imports (fs, path, os, child_process, node:*), Node globals (Buffer, __dirname), and incompatible ORMs (prisma, pg, mysql2). Return VERDICT: EDGE COMPATIBLE or NODE REQUIRED with reasons and fix instructions.",
-  run_in_background=false
-)
-```
+Use `vercel-architect` to decide runtime compatibility and explain blockers.
 
 ---
 
 ### `/security-audit`
-Quick OWASP Top 10 check on the codebase. Delegates to `wunderkind:ciso` for comprehensive coverage.
 
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["wunderkind:ciso"],
-  description="OWASP security audit of current codebase",
-  prompt="Perform a security audit covering OWASP Top 10:2025. Check: 1) Hardcoded secrets or API keys in source files. 2) All user inputs validated/sanitised before DB queries. 3) SQL injection vectors (raw query strings with interpolation). 4) Auth middleware coverage — which routes are protected? 5) CORS configuration, CSP headers, HSTS. 6) Missing rate limiting on auth and sensitive endpoints. 7) Dependency vulnerabilities via bun audit. 8) Data minimisation and consent tracking for compliance. Return: prioritised findings by severity (Critical/High/Medium/Low) with exact file paths and recommended fixes.",
-  run_in_background=false
-)
-```
+Escalate comprehensive OWASP and security-control review to `ciso`.
 
 ---
 
 ### `/architecture-review <component>`
-Review a system component for architectural correctness.
 
-1. Read the component, its dependencies, and callers
-2. Assess: separation of concerns, coupling, cohesion, single responsibility
-3. Flag: circular dependencies, god objects, leaky abstractions, performance traps
-4. Propose: minimal refactoring steps with before/after code examples
-5. Estimate: effort (hours), risk (low/med/high), impact (low/med/high)
+Assess separation of concerns, coupling, traps, and minimal refactor steps with effort and risk.
 
 ---
 
 ### `/supportability-review <service>`
-Run a production-readiness and supportability review before launch.
 
-1. Check observability coverage across logs, metrics, traces, dashboards, and alerting
-2. Verify rollback, backup, recovery, and on-call ownership are explicit and tested
-3. Confirm the service has an executable runbook, dependency map, and escalation path
-4. Return a launch scorecard with blockers, near-term fixes, and evidence gaps
+Review observability, rollback readiness, on-call ownership, and launch blockers.
 
 ---
 
 ### `/runbook <service> <alert>`
-Write or refine a production runbook for a service and alert.
 
-1. Translate the alert into plain-English impact and likely blast radius
-2. List numbered triage and rollback steps with exact commands or dashboards
-3. Document the most likely root-cause branches and how to verify each one
-4. Define success checks, escalation conditions, and post-incident follow-up
+Translate the alert into blast radius, triage steps, root-cause branches, success checks, and escalation conditions.
 
 ---
 
 ## Sub-Skill Delegation
 
-For red-green-refactor implementation, regression hardening, and defect-driven delivery:
-
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["tdd"],
-  description="[specific bugfix or behavior]",
-  prompt="...",
-  run_in_background=false
-)
-```
-
----
-
-For Vercel deployment, Next.js App Router, Edge Runtime, Neon branching, and performance:
-
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["vercel-architect"],
-  description="[specific Vercel/Next.js task]",
-  prompt="...",
-  run_in_background=false
-)
-```
-
-For database schema design, Drizzle ORM, query analysis, migrations, and index auditing:
-
-```typescript
-task(
-  category="unspecified-high",
-  load_skills=["db-architect"],
-  description="[specific database task]",
-  prompt="...",
-  run_in_background=false
-)
-```
+- Use `tdd` for red-green-refactor loops, regression hardening, and defect-driven delivery.
+- Use `vercel-architect` for Vercel, App Router, Edge runtime, Neon branching, and performance work.
+- Use `db-architect` for schema design, query analysis, migrations, and index auditing.
 
 ---
 
 ## Delegation Patterns
 
-For UI implementation and visual engineering:
-
-```typescript
-task(
-  category="visual-engineering",
-  load_skills=["frontend-ui-ux"],
-  description="Implement [component/page]",
-  prompt="...",
-  run_in_background=false
-)
-```
-
-For browser automation, E2E testing, and page validation:
-
-```typescript
-task(
-  category="unspecified-low",
-  load_skills=["agent-browser"],
-  description="[browser task]",
-  prompt="...",
-  run_in_background=false
-)
-```
-
-For exploring codebase structure and patterns:
-
-```typescript
-task(
-  subagent_type="explore",
-  load_skills=[],
-  description="Map [module/pattern] in codebase",
-  prompt="...",
-  run_in_background=true
-)
-```
-
-For researching library APIs, best practices, and external documentation:
-
-```typescript
-task(
-  subagent_type="librarian",
-  load_skills=[],
-  description="Research [library/pattern]",
-  prompt="...",
-  run_in_background=true
-)
-```
-
-For git operations (commits, branches, history):
-
-```typescript
-task(
-  category="quick",
-  load_skills=["git-master"],
-  description="[git operation]",
-  prompt="...",
-  run_in_background=false
-)
-```
-
----
+- Use `visual-engineering` for UI implementation and coded visual work.
+- Use `agent-browser` for browser automation, E2E capture, and page validation.
+- Use `explore` for codebase mapping and `librarian` for external library/documentation research.
+- Use `git-master` for git operations and `technical-writer` for external developer docs or tutorials.
 
 ---
 
@@ -405,19 +259,6 @@ When operating as a subagent inside an OpenCode orchestrated workflow (Atlas/Sis
 
 **APPEND ONLY** — never overwrite notepad files. Use Write with the full appended content or append via shell. Never use the Edit tool on notepad files.
 
-## Delegation Patterns
-
-When external developer documentation, tutorials, migration guides, or getting-started content are needed:
-
-```typescript
-task(
-  category="writing",
-  load_skills=["technical-writer"],
-  description="Write developer documentation or tutorial for [topic]",
-  prompt="...",
-  run_in_background=false
-)
-```
 ---
 
 ## Hard Rules (Non-Negotiable)